Privacy Policy


This Privacy and Data Protection Policy has been approved by Nick Morton and Simon Morton, Directors of Supplyant and is to be used by partners of the Digital Future First Project, SEMLEP Call OC31S19P1338, Digital Skills Resilience Investment Priority 2.2: Improving the labour market relevance of education and training systems.

In accordance with this policy, all staff are responsible for managing, storing appropriately and disposing of the information they create and receive as part of their normal daily business activities. Partner organisations will ensure that this Policy is followed by their staff, clients, board members, volunteers, service participants and wider stakeholders. This Policy also applies to records that third parties manage on behalf of Supplyant and should be read in conjunction with the Document Retention Policy

Supplyant recognises and understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all our customers, subscribers and website visitors and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law. This policy explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
What is personal data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

What are your rights?

Under the GDPR, you have the following rights, which we will always work to uphold:

  • The right to be informed about our collection and use of your personal data. This Policy should tell you everything you need to know, but you can always contact us to find out more.
  • The right to access the personal data we hold about you.
  • The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
  • The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any and all of your personal data that we have.
  • The right to restrict (i.e. prevent) the processing of your personal data.
  • The right to object to us using your personal data for a particular purpose or purposes.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

What types of data do we collect?

We may collect some or all the following data (this may vary according to your relationship with us): Name; Job Title; Employer’s Name; Correspondence Address; E-mail Address; Phone Number(s); Social Media Accounts; Payment Information, and; Information about your preferences and interests. If you believe that any information we are holding on you is incorrect or incomplete, please write to or e-mail us as soon as possible. We will promptly correct any information found to be incorrect.

How do we use your data?

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. For example, if you are a current client of ours, then it is permissible for us to use your relevant data in how we fulfil our contract with you. More broadly, your data may be used for one of the following purposes:

  • Providing and managing your account.
  • Supplying our services to you.
  • Communicating with you. This may include responding to emails or calls from you.
  • Supplying you with information by that you have opted-in to (you may unsubscribe or opt-out at any time by contacting us).
  • Sharing information, news, and offers about our services.
  • Sharing intelligence, information, updates and news about the primary sectors in which we operate (including employment, skills, health, justice and housing).
  • Sharing access to advertorials posted on our website on behalf of third party suppliers (we will not pass your contact details directly to any such supplier).

We may also use the information to improve our products and services (e.g. we may use the information to help customise our website according to your interests.)

If you do not wish us to use your data for any of the purposes described above, then please contact us and let us know, so that we can make any necessary revisions.

How long will we keep your personal data?

We won’t keep your personal data for any longer than is necessary in respect of the reason(s) for which it was first collected.

Where we have been contracted to deliver a service to you, or where you have acted as a client point of contact for a service we have delivered, we shall retain your contact details for a minimum period of three years;

Where you have opted in to receive communications from us, we shall retain the details you have provided for so long as you remain an active subscriber (i.e. you have not unsubscribed);

Where you have contacted us to enquire about our products and services, we shall retain your contact details for a minimum period of 12 months, as we are mindful that you may not necessarily make an immediate decision as to whether you may make a purchase.

If you wish to exercise your right to be forgotten, and have all data held about you deleted from our records (and where this does not otherwise compromise an active and current contract between your organisation and CB Solutions) please contact us to this end, and this will be facilitated.

As stated in the latest Document Retention Policy, the default standard retention period for ESIF contracted programme records is 11 years plus current, otherwise known as 11 years + 1. Records will be retained securely for this period in line with the Managing Authority and EU Audit requirements. (Article 140 Commission Regulation in that all projects under the ESF 2014-2020 Programme must ensure they keep all documents for 10 years after their final ESF claim is paid by the ESF Managing Authority). Control of these documents will be by authorised Directors of Supplyant

How and where do we store or transfer personal data?

We may store or transfer some or all your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK.

To prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure any information we collect online (e.g. if you input any personal data into our website).

Do we share your personal data?

We will not share any of your personal data with any third parties for any purposes, subject to one important exception. In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

Please note that our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question. If you would like to know more about the specific third-party links which we use on our website, please write to us for details.

How can you access your personal data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and addressed to Supplyant, 35 Duncan Close, Northampton NN3 6WL. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding. We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

How do we use Cookies?

A cookie is a small text file that is sent to your computer via your web browser when you visit our website. A cookie is used to store information about you for the next time you visit us; information like where you went on the site and what you did. Cookie files help us to remember you when you next visit. We use cookies to recognise returning visitors and to deliver content specific to your interests. We don’t use cookies to track people’s internet usage after leaving our sites and we don’t store personal information in them that others could read. You cannot be identified personally from the information we collect while you browse our website and we mainly examine browsing activity to monitor aggregated site traffic and analyse it. If you would like to know more about the specific cookie files which we use on our website, please write to us for details.

How do you contact us?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:

Email address:

How do we update this policy?

This policy will be reviewed annually, or as and when legislative and regulatory requirements may warrant a revision and it will always be available on our website. If you would like us to send you a copy of the policy each time it is updated, please contact us to this end.


    Digital Future First is part funded by the European Social Fund and led by Supplyant Limited, and co-developed in partnership with Database for Business Limited and the Learning and Skills Academy CIC


    34-35 Duncan Close, Moulton Park Ind Est, Northampton, NN3 6WL


    01604 679097